ISACA Journal - 2012 Volume 3

Prepared by Kamal Khan, CISA, CISSP, CITP, mbCS

Take the quiz online: QUIZ #142

AKHTAr, buCHHOLTS, ryAn AnD Se TTy Ar TICLe

1. In many instances, IT auditors merely confirm whether backups are being performed either to disk or to tape, without considering the integrity or viability of the backup media.

2. A checklist for database backup and recovery includes ensuring that there is sufficient budget to cover the cost of backup tapes.

3. Oracle and MS SQL Server databases can be backed up to tape or disk. It is not a good idea to back up to disk first because they are difficult for DBAs to monitor and control.

OyemADe Ar TICLe

11. IT has the potential for business transformation and also represents a significant investment, typically from 1-8 percent of gross revenue.

12. The three-lines-of-defense model consists of three key elements: risk identification, risk assessment and risk monitoring.

13. The four types of risk response are risk avoidance, risk sharing/transfer, risk acceptance and risk reduction/mitigation.

Du TTA AnD SISTA Ar TICLe

4. A backup and recovery SLA is an important mechanism in assisting in the recovery process.

5. IT auditors can assist data administration teams in strengthening their controls and data recovery processes by validating DBA operations.

TAmmIneeDI Ar TICLe

6. Disaster recovery planning (DRP) involves planning and procedural aspects, encompassing emergency reponse and crisis communications.

7. BS 25999 Business continuity management establishes the process, principles and terminology of BCM and highlights the benefits and outcomes of an effective BCM program.

14. The Basel II framework uses three pillars: ( 1) detailed methods for calculating minimum regulatory capital, ( 2) supervisory review standards and ( 3) market disclosure.

15. The Basel Committee classifies operational loss data in seven categories including damage to physical assets and business disruption and system failures.

DAvIS, FerreLL, SCrAn TOn AnD mILLAr Ar TICLe

16. Fraud impacted 97 percent of organizations in 2010, according to the Kroll Global Fraud Report.

17. Prioritizing results according to specific red flags has cut review times by more than 57 percent.

8. The main BCM assets are the six organizational resources: power, premises, technology, information, supplies and cabling.

9. Most business continuity and disaster recovery plans address failover to a hot site or alternate site. Very few address the need to move operations back to a restored primary location.

10. Many business continuity plans are built on assumptions that may not include all relevant assumptions and limiting factors. For example, one assumption is that employees will go long distances to support operations, whereas local or regional disasters can make employees reluctant to go far from home.